March 26, 2019.
By the CyberWire staff
The ASUS backdoor Kaspersky disclosed recently has been independently confirmed by Symantec. Motherboard broke the story yesterday, and reporter Kim Zetter notes that it took ASUS some time to respond (and that their response didn't acknowledge Kaspersky's role in finding the compromised utility). Kaspersky calls the backdoor "Operation ShadowHammer." It spread through the ASUS Live Update Utility and gave attackers access to, and control over, infected machines. The Trojanized utility was hosted on ASUS's site and signed with an ASUS certificate, which Kaspersky says no doubt helped it evade detection.
57,000 has been widely quoted as the number of users hit, but that's just the number of Kaspersky installations detecting ShadowHammer. Kaspersky guesses the victim tally is around a million.
There's no attribution yet, beyond calling the attackers an "APT," which usually means a nation-state. Problems with the ASUS supply chain have been suspected for some time. As ITWire points out, Duo Security flagged issues with the OEM updater utility back in 2016.
The Washington Post has a useful review of the conclusions and implications of the Mueller investigation into Russian influence operations against US elections.
FEMA's data mishandling incident seems likely, the Washington Post says, to serve as a test case for the US Administration's stated determination to hold agencies responsible for this sort of misstep.
Bravo, Emsisoft, which has just released a decryptor for the recent round of PewDiePie-boosting ransomware. (The ransomware campaign was mounted by the YouTube "star's" "fans" in an effort to boost their hero's profile.)
Today's issue includes events affecting Canada, China, India, Israel, Democratic People's Republic of Korea, Norway, Pakistan, Philippines, Russia, Saudi Arabia, Taiwan, United Arab Emirates, United States, and Venezuela.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Johns Hopkins University, as Joe Carrigan shares his thoughts on recent revelations that Facebook was making unencrypted passwords accessible to thousands of employees. Our guest, Greg Jensen from Oracle, discusses their 2019 Cloud Threat Report.
Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Major U.S. Chemical Firms Hit by Cyberattack (SecurityWeek) Operations at two major US-based chemical companies, Hexion and Momentive, have been disrupted by a cyberattack reportedly involving LockerGoga, the ransomware that recently hit aluminum giant Norsk Hydro.
The odd case of a Gh0stRAT variant (AT&T Cybersecurity Alien Labs) This is a guest post by independent security researcher James Quinn. This will be Part 1 of a series titled Reversing Gh0stRAT Variants. As 2018 drew to a close and 2019 took over, I began to see a different behavior from SMB malware authors. Instead of massive, multi-staged cryptocurrency miners, I began to see more small, covert RATs serving as partial stage1’s. Of these samples, there was one specific sample that stood out to me. A Gh0stRAT variant, this
Barracuda intel exposes latest strategies cybercriminals use to get past email security gateways (CRN - India) Barracuda has released key findings from a report, ‘Spear Phishing: Top Threats and Trends’. Barracuda researchers evaluated more than 360,000 spear-phishing emails in a three-month period, identifying and analysing three major types of attacks: brand impersonation, business email compromise, and blackmail. The report takes an in-depth look at how these three types of attacks work, …
Vulnerability Summary for the Week of March 18, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
iOS 12.2 Patches Over 50 Security Vulnerabilities (BleepingComputer) Apple released today security updates for iOS, fixing 51 vulnerabilities in version 12.2 of the operating system. The products impacted are iPhone 5s and later, iPad Air and newer, 6th generation iPods.
Annual SonicWall Cyber Threat Report Details Rise in Worldwide, Targeted Attacks (SonicWall) Record-high 10.52 billion malware attacks in 2018; 391,689 new attack variants identified; escalation of IoT attacks, 217 percent increase from 2017; 2 percent malware attacks leveraged non-standard ports. MILPITAS, Calif. — March 26, 2019 — SonicWall today announced the release of the 2019 SonicWall Cyber Threat Report that delivers an in-depth look at threat intelligence …
Internet Security Report - Q4 2018 (WatchGuard) The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Their smart, practical security advice contained in the Internet Security Report will enable you to better protect your organization in the ever-changing threat landscape.
Merlin invests in Wickr cybersecurity platform (Washington Technology) In a move beyond traditional reselling agreements, Merlin International has invested in Wickr, a company with a secure, anti-hacking communications platform, to develop more of those solutions for the government space.
FireEye: Staying Behind In All Metrics (Seeking Alpha) The slow growth of FireEye and its weak fundamentals have led to low performance in the stock, causing it to trade at a discount compared to the cybersecurity industry.
Akamai CEO On The Company's Push Toward Cybersecurity (Forbes) In the five plus years since Akamai co-founder, Tom Leighton, ascended to the role of CEO, revenues have more than doubled. The biggest source of growth has been the company's cybersecurity products. Leighton predicts that they will soon be the biggest part of Akamai's business.
It's OK to Hack Lawyers and Journalists: Notorious Cyberweapons Firm (Gizmodo) The founder and CEO of NSO Group, the notorious Israeli hacking company with customers around the world, appeared on CBS’s 60 Minutes Sunday night to defend the use of his company’s tools in hacking and spying on lawyers, journalists, and minors when the company’s customers determine the ends justify the means.
Tesla Model 3 Hacked on the Last Day of Pwn2Own (BleepingComputer) During the last day, Fluoroacetate's Amat Cama and Richard Zhu successfully targeted and successfully hacked their way into a Tesla Model 3's Chromium-based infotainment system as part of their automotive category demo, using "a JIT bug in the renderer to display their message."
DISA wants to keep cyber attackers locked in web browser (Federal News Network) Steve Wallace, a systems innovation scientist in the Emerging Technology Directorate at the Defense Information Systems Agency, said the agency soon will choose vendors to develop a prototype to protect the network and data from attacks that come through web browsers.
China and the Bay Area face off over AI (Silicon Valley Business Journal) The competition between the world's two premier hotbeds for artificial intelligence is really a race for who gets to define the future.
Moscow flies troops and equipment into Venezuela (Times) The United States has warned it “will not stand idly by” if Moscow continues to raise tensions in Venezuela after it emerged that two Russian aircraft landed in the country, one carrying around 100...
Kremlin declines to comment on Mueller report findings (Beatrice News Channel) The Kremlin has responded cautiously to the conclusion of special counsel Robert Mueller’s investigation that found no evidence of a conspiracy by Donald Trump’s presidential campaign to help Russia interfere in the 2016 U.S. election. Russian President Vladimir Putin’s spokesman Dmitry Peskov told reporters on Monday he couldn’t comment on Mueller’s findings since [...]
Autonomy’s value ‘was pumped up before sale’ (Times) Mike Lynch, the technology tycoon, “deliberately” misrepresented dozens of contracts to “pump” up Autonomy’s revenues and make the software company appear more valuable than it was, the High Court...
Symantec 'Ghost Revenue' Flagged In New Chancery Suit (Law360) Investors in software and security company Symantec Corp. opened a Delaware Chancery Court derivative suit Monday seeking to recover for losses incurred after the company allegedly put hundreds of millions of dollars in "ghost revenue" on its books by using nonstandard accounting practices.
KNOW 2019 (Las Vegas, Nevada, USA, March 24 - 27, 2019) The Future of Trust starts at KNOW 2019, the definitive event focused on the data economy. From Facebook and Equifax to GDPR, identity data is at the forefront of cybersecurity and regulation. KNOW is...
Cyber Security for Critical Assets Summit (Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...
SecureWorld Boston (Boston, Massachusetts, USA, March 27 - 28, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Symposium on Securing the IoT (San Francisco, California, USA, March 27 - 29, 2019) Want to share your passion and knowledge for Securing the 25 Billion devices connected to the Internet? Topics currently being selected for tracks include: Authenticating Blockchain, Secure Medical & Healthcare,...
Women in CyberSecurity (WiCyS) Conference (Pittsburgh, Pennsylvania, USA, March 28 - 30, 2019) The WiCyS Conference brings together women in cybersecurity from academia, research, government, and industry to share knowledge, experience, networking, and mentoring. The event's goal is to broaden participation...